From 45e00ac93d3f0956808714332ca7b3d5066912d8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Erich=20Mauerb=C3=B6ck?= <9578115+Enrice@users.noreply.github.com> Date: Fri, 10 Nov 2023 20:58:11 +0100 Subject: [PATCH] add explicit binding (#735) * add explicit binding * fixup building on windows * reactivate unit test --------- Co-authored-by: Enrice --- docs-core/pom.xml | 45 +++-- .../LdapAuthenticationHandler.java | 1 + docs-web/pom.xml | 12 +- .../sismics/docs/rest/TestAppResource.java | 186 ++++++++++-------- pom.xml | 87 ++++---- 5 files changed, 187 insertions(+), 144 deletions(-) diff --git a/docs-core/pom.xml b/docs-core/pom.xml index ffe55ce2b..dd5d2c0f6 100644 --- a/docs-core/pom.xml +++ b/docs-core/pom.xml @@ -8,7 +8,7 @@ 1.12-SNAPSHOT ../pom.xml - + 4.0.0 docs-core jar @@ -20,7 +20,7 @@ org.hibernate.orm hibernate-core - + joda-time @@ -31,12 +31,12 @@ com.google.guava guava - + org.apache.commons commons-compress - + org.apache.commons commons-lang3 @@ -46,7 +46,7 @@ org.apache.commons commons-email - + org.freemarker freemarker @@ -66,17 +66,17 @@ log4j log4j - + org.slf4j slf4j-log4j12 - + org.slf4j slf4j-api - + org.slf4j jcl-over-slf4j @@ -86,17 +86,17 @@ at.favre.lib bcrypt - + org.apache.lucene lucene-core - + org.apache.lucene lucene-analyzers-common - + org.apache.lucene lucene-queryparser @@ -119,7 +119,12 @@ org.apache.directory.api - api-all + api-ldap-client-api + + + + org.apache.directory.api + api-ldap-codec-standalone @@ -127,22 +132,22 @@ org.apache.lucene lucene-backward-codecs - + org.imgscalr imgscalr-lib - + org.apache.pdfbox pdfbox - + org.bouncycastle bcprov-jdk15on - + fr.opensagres.xdocreport fr.opensagres.odfdom.converter.pdf @@ -186,14 +191,14 @@ junit test - + com.h2database h2 test - + @@ -205,7 +210,7 @@ dev - + @@ -221,7 +226,7 @@ prod - + diff --git a/docs-core/src/main/java/com/sismics/docs/core/util/authentication/LdapAuthenticationHandler.java b/docs-core/src/main/java/com/sismics/docs/core/util/authentication/LdapAuthenticationHandler.java index 65d0afc80..b0d7550ff 100644 --- a/docs-core/src/main/java/com/sismics/docs/core/util/authentication/LdapAuthenticationHandler.java +++ b/docs-core/src/main/java/com/sismics/docs/core/util/authentication/LdapAuthenticationHandler.java @@ -62,6 +62,7 @@ public User authenticate(String username, String password) { if (ldapConnection == null) { return null; } + ldapConnection.bind(); EntryCursor cursor = ldapConnection.search(ConfigUtil.getConfigStringValue(ConfigType.LDAP_BASE_DN), ConfigUtil.getConfigStringValue(ConfigType.LDAP_FILTER).replace("USERNAME", username), SearchScope.SUBTREE); diff --git a/docs-web/pom.xml b/docs-web/pom.xml index 20b06e163..47efd9225 100644 --- a/docs-web/pom.xml +++ b/docs-web/pom.xml @@ -129,6 +129,12 @@ test + + org.apache.directory.server + apacheds-all + test + + @@ -182,7 +188,7 @@ /docs-web - src/dev/main/webapp/web-override.xml + ${project.basedir}/src/dev/main/webapp/web-override.xml @@ -260,8 +266,8 @@ org.apache.maven.plugins maven-war-plugin - ${basedir}/src/main/webapp/dist - src\main\webapp\WEB-INF\web.xml + ${project.basedir}/src/main/webapp/dist + src/main/webapp/WEB-INF/web.xml diff --git a/docs-web/src/test/java/com/sismics/docs/rest/TestAppResource.java b/docs-web/src/test/java/com/sismics/docs/rest/TestAppResource.java index 9d261bcf7..ae0388ad8 100644 --- a/docs-web/src/test/java/com/sismics/docs/rest/TestAppResource.java +++ b/docs-web/src/test/java/com/sismics/docs/rest/TestAppResource.java @@ -1,19 +1,30 @@ package com.sismics.docs.rest; +import java.io.File; + +import com.google.common.io.Resources; import com.icegreen.greenmail.util.GreenMail; import com.icegreen.greenmail.util.GreenMailUtil; import com.icegreen.greenmail.util.ServerSetup; import com.sismics.docs.core.model.context.AppContext; import com.sismics.util.filter.TokenBasedSecurityFilter; -import org.junit.Assert; -import org.junit.Test; - import jakarta.json.JsonArray; import jakarta.json.JsonObject; import jakarta.ws.rs.client.Entity; import jakarta.ws.rs.core.Form; import jakarta.ws.rs.core.Response; import jakarta.ws.rs.core.Response.Status; +import org.apache.directory.api.ldap.model.name.Dn; +import org.apache.directory.server.core.api.DirectoryService; +import org.apache.directory.server.core.api.partition.Partition; +import org.apache.directory.server.core.factory.DefaultDirectoryServiceFactory; +import org.apache.directory.server.core.factory.DirectoryServiceFactory; +import org.apache.directory.server.core.partition.impl.avl.AvlPartition; +import org.apache.directory.server.ldap.LdapServer; +import org.apache.directory.server.protocol.shared.store.LdifFileLoader; +import org.apache.directory.server.protocol.shared.transport.TcpTransport; +import org.junit.Assert; +import org.junit.Test; /** @@ -340,89 +351,90 @@ public void testInbox() { */ @Test public void testLdapAuthentication() throws Exception { -// // Start LDAP server -// final DirectoryServiceFactory factory = new DefaultDirectoryServiceFactory(); -// factory.init("Test"); -// -// final DirectoryService directoryService = factory.getDirectoryService(); -// directoryService.getChangeLog().setEnabled(false); -// directoryService.setShutdownHookEnabled(true); -// -// final Partition partition = new AvlPartition(directoryService.getSchemaManager()); -// partition.setId("Test"); -// partition.setSuffixDn(new Dn(directoryService.getSchemaManager(), "o=TEST")); -// partition.initialize(); -// directoryService.addPartition(partition); -// -// final LdapServer ldapServer = new LdapServer(); -// ldapServer.setTransports(new TcpTransport("localhost", 11389)); -// ldapServer.setDirectoryService(directoryService); -// -// directoryService.startup(); -// ldapServer.start(); -// -// // Load test data in LDAP -// new LdifFileLoader(directoryService.getAdminSession(), new File(Resources.getResource("test.ldif").getFile()), null).execute(); -// -// // Login admin -// String adminToken = adminToken(); -// -// // Get the LDAP configuration -// JsonObject json = target().path("/app/config_ldap").request() -// .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken) -// .get(JsonObject.class); -// Assert.assertFalse(json.getBoolean("enabled")); -// -// // Change LDAP configuration -// target().path("/app/config_ldap").request() -// .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken) -// .post(Entity.form(new Form() -// .param("enabled", "true") -// .param("host", "localhost") -// .param("port", "11389") -// .param("admin_dn", "uid=admin,ou=system") -// .param("admin_password", "secret") -// .param("base_dn", "o=TEST") -// .param("filter", "(&(objectclass=inetOrgPerson)(uid=USERNAME))") -// .param("default_email", "devnull@teedy.io") -// .param("default_storage", "100000000") -// ), JsonObject.class); -// -// // Get the LDAP configuration -// json = target().path("/app/config_ldap").request() -// .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken) -// .get(JsonObject.class); -// Assert.assertTrue(json.getBoolean("enabled")); -// Assert.assertEquals("localhost", json.getString("host")); -// Assert.assertEquals(11389, json.getJsonNumber("port").intValue()); -// Assert.assertEquals("uid=admin,ou=system", json.getString("admin_dn")); -// Assert.assertEquals("secret", json.getString("admin_password")); -// Assert.assertEquals("o=TEST", json.getString("base_dn")); -// Assert.assertEquals("(&(objectclass=inetOrgPerson)(uid=USERNAME))", json.getString("filter")); -// Assert.assertEquals("devnull@teedy.io", json.getString("default_email")); -// Assert.assertEquals(100000000L, json.getJsonNumber("default_storage").longValue()); -// -// // Login with a LDAP user -// String ldapTopen = clientUtil.login("ldap1", "secret", false); -// -// // Check user informations -// json = target().path("/user").request() -// .cookie(TokenBasedSecurityFilter.COOKIE_NAME, ldapTopen) -// .get(JsonObject.class); -// Assert.assertEquals("ldap1@teedy.io", json.getString("email")); -// -// // List all documents -// json = target().path("/document/list") -// .queryParam("sort_column", 3) -// .queryParam("asc", true) -// .request() -// .cookie(TokenBasedSecurityFilter.COOKIE_NAME, ldapTopen) -// .get(JsonObject.class); -// JsonArray documents = json.getJsonArray("documents"); -// Assert.assertEquals(0, documents.size()); -// -// // Stop LDAP server -// ldapServer.stop(); -// directoryService.shutdown(); + // Start LDAP server + final DirectoryServiceFactory factory = new DefaultDirectoryServiceFactory(); + factory.init("Test"); + + final DirectoryService directoryService = factory.getDirectoryService(); + directoryService.getChangeLog().setEnabled(false); + directoryService.setShutdownHookEnabled(true); + + final Partition partition = new AvlPartition(directoryService.getSchemaManager()); + partition.setId("Test"); + partition.setSuffixDn(new Dn(directoryService.getSchemaManager(), "o=TEST")); + partition.initialize(); + directoryService.addPartition(partition); + + final LdapServer ldapServer = new LdapServer(); + ldapServer.setTransports(new TcpTransport("localhost", 11389)); + ldapServer.setDirectoryService(directoryService); + + directoryService.startup(); + ldapServer.start(); + + // Load test data in LDAP + new LdifFileLoader(directoryService.getAdminSession(), new File(Resources.getResource("test.ldif").getFile()), null).execute(); + + // Login admin + String adminToken = adminToken(); + + // Get the LDAP configuration + JsonObject json = target().path("/app/config_ldap").request() + .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken) + .get(JsonObject.class); + Assert.assertFalse(json.getBoolean("enabled")); + + // Change LDAP configuration + target().path("/app/config_ldap").request() + .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken) + .post(Entity.form(new Form() + .param("enabled", "true") + .param("host", "localhost") + .param("port", "11389") + .param("usessl", "false") + .param("admin_dn", "uid=admin,ou=system") + .param("admin_password", "secret") + .param("base_dn", "o=TEST") + .param("filter", "(&(objectclass=inetOrgPerson)(uid=USERNAME))") + .param("default_email", "devnull@teedy.io") + .param("default_storage", "100000000") + ), JsonObject.class); + + // Get the LDAP configuration + json = target().path("/app/config_ldap").request() + .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken) + .get(JsonObject.class); + Assert.assertTrue(json.getBoolean("enabled")); + Assert.assertEquals("localhost", json.getString("host")); + Assert.assertEquals(11389, json.getJsonNumber("port").intValue()); + Assert.assertEquals("uid=admin,ou=system", json.getString("admin_dn")); + Assert.assertEquals("secret", json.getString("admin_password")); + Assert.assertEquals("o=TEST", json.getString("base_dn")); + Assert.assertEquals("(&(objectclass=inetOrgPerson)(uid=USERNAME))", json.getString("filter")); + Assert.assertEquals("devnull@teedy.io", json.getString("default_email")); + Assert.assertEquals(100000000L, json.getJsonNumber("default_storage").longValue()); + + // Login with a LDAP user + String ldapTopen = clientUtil.login("ldap1", "secret", false); + + // Check user informations + json = target().path("/user").request() + .cookie(TokenBasedSecurityFilter.COOKIE_NAME, ldapTopen) + .get(JsonObject.class); + Assert.assertEquals("ldap1@teedy.io", json.getString("email")); + + // List all documents + json = target().path("/document/list") + .queryParam("sort_column", 3) + .queryParam("asc", true) + .request() + .cookie(TokenBasedSecurityFilter.COOKIE_NAME, ldapTopen) + .get(JsonObject.class); + JsonArray documents = json.getJsonArray("documents"); + Assert.assertEquals(0, documents.size()); + + // Stop LDAP server + ldapServer.stop(); + directoryService.shutdown(); } } diff --git a/pom.xml b/pom.xml index 3bb46031e..b2f199ea1 100644 --- a/pom.xml +++ b/pom.xml @@ -46,14 +46,15 @@ 1.6.14 1.15.4 4.10.0 - 2.1.3 + 2.1.3 + 2.0.0.AM27 3.0.10 5.0.0 11.0.14 11.0.14 11.0.14 - + 3.1.0 3.3.0 @@ -61,7 +62,7 @@ 3.0.0 11.0.14 - + scm:git:https://github.com/sismics/docs.git scm:git:https://github.com/docs/docs.git @@ -93,7 +94,7 @@ maven-war-plugin ${org.apache.maven.plugins.maven-war-plugin.version} - + org.apache.maven.plugins maven-jar-plugin @@ -109,7 +110,7 @@ false - + org.eclipse.jetty jetty-maven-plugin @@ -117,13 +118,13 @@ - + docs-core docs-web-common docs-web - + @@ -131,38 +132,38 @@ docs-core ${project.version} - + com.sismics.docs docs-web-common ${project.version} - + com.sismics.docs docs-web-common test-jar ${project.version} - + com.sismics.docs docs-web ${project.version} - + org.eclipse.jetty jetty-server ${org.eclipse.jetty.jetty-server.version} - + org.eclipse.jetty jetty-webapp ${org.eclipse.jetty.jetty-webapp.version} - + org.eclipse.jetty jetty-servlet @@ -180,7 +181,7 @@ commons-compress ${org.apache.commons.commons-compress.version} - + org.apache.commons commons-lang3 @@ -198,7 +199,7 @@ commons-email ${org.apache.commons.commons-email.version} - + com.google.guava guava @@ -222,19 +223,19 @@ log4j ${log4j.log4j.version} - + org.slf4j slf4j-log4j12 ${org.slf4j.version} - + org.slf4j slf4j-api ${org.slf4j.version} - + org.slf4j jcl-over-slf4j @@ -264,7 +265,7 @@ jersey-container-servlet ${org.glassfish.jersey.version} - + org.glassfish.jersey.media jersey-media-json-processing @@ -276,7 +277,7 @@ jersey-media-multipart ${org.glassfish.jersey.version} - + org.glassfish.jersey.inject jersey-hk2 @@ -288,7 +289,7 @@ jersey-client ${org.glassfish.jersey.version} - + org.glassfish.jersey.test-framework.providers jersey-test-framework-provider-bundle @@ -307,7 +308,7 @@ jersey-test-framework-provider-grizzly2 ${org.glassfish.jersey.version} - + org.glassfish.jersey.containers jersey-container-grizzly2-servlet @@ -331,7 +332,7 @@ hibernate-core ${org.hibernate.hibernate.version} - + org.freemarker freemarker @@ -349,25 +350,25 @@ lucene-core ${org.apache.lucene.version} - + org.apache.lucene lucene-analyzers-common ${org.apache.lucene.version} - + org.apache.lucene lucene-queryparser ${org.apache.lucene.version} - + org.apache.lucene lucene-backward-codecs ${org.apache.lucene.version} - + org.apache.lucene lucene-suggest @@ -385,25 +386,25 @@ imgscalr-lib ${org.imgscalr.imgscalr-lib.version} - + org.apache.pdfbox pdfbox ${org.apache.pdfbox.pdfbox.version} - + org.bouncycastle bcprov-jdk15on ${org.bouncycastle.bcprov-jdk15on.version} - + fr.opensagres.xdocreport fr.opensagres.odfdom.converter.pdf ${fr.opensagres.xdocreport.version} - + fr.opensagres.xdocreport fr.opensagres.poi.xwpf.converter.pdf @@ -436,8 +437,26 @@ org.apache.directory.api - api-all - ${org.apache.directory.api.api-all.version} + api-ldap-client-api + ${org.apache.directory.api.version} + + + org.apache.directory.api + api-ldap-schema-data + + + + + + org.apache.directory.api + api-ldap-codec-standalone + ${org.apache.directory.api.version} + + + + org.apache.directory.server + apacheds-all + ${org.apache.directory.server.apacheds-all.version} @@ -471,5 +490,5 @@ - +